A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Sunday, 25 November 2007

HMRC: More Discs Go Missing, Is it Foul Play?

Yet more CD/DVDs have gone missing within HMRC's internal postage system; this time a batch of 6 "discs" has disappeared in transit between Preston and London. This incident was spotted by HMRC on 30th October, and the discs apparently held customer complaint conversations, which I certainly would regard as personal information.

This is the third HMRC postage containing sensitive CDs which has gone missing within the same month, October 2007. Don't forget the CD which HMRC sent (lost) to Standard Life, which held 15,000 records, as reported on 2nd November. I can't forget that missing disc, as my personal details were on it!

So I have to ask whether there could be foul play? I can't answer that for certain as I don't work for HMRC or know all the facts; however, I'm going to have a go at speculating since two of the incidents involve my personal information.

Organised criminals have been known to target large institutions just for their data, going through external bins for info, using social engineering techniques, web hacking and even infiltrating organisations internally; there was a Scottish credit card call centre which was found to be deliberately infiltrated by a gang earlier in the year for money laundering purposes. It's too much of a co-incidence for three packages containing CDs to have gone missing in the same month. I had a period on eBay where I sold loads of DVDs once, and never had any packages go missing within the public postage system. It's not exactly hard to guess by the size and shape of the packaging that it holds a disc.

Interestingly, if HMRC actually ships loads of CDs around their organisation all the time (which is bad), then you would have to say the stats wouldn't point to foul play at all. I do understand HMRC is a large and complex organisation, so it could be possible there are shed loads of CD/DVDs flying around HMRC; if there are, then there have to be better and more secure methods of sharing that information.

To sum up my own conclusion on this, either HMRC sends CDs within the post unprotected as a matter of course, OR HMRC sends only a few CDs around, which would indicate possible foul play, OR it's just a big co-incidence!

A lot of fraud, particularly identity theft, does start in the mail system. HMRC mainly use TNT to deliver their mail between sites and organisations. In relation to the 25 million record discs, TNT are stating they don't think that missing package has even entered their mailing systems, but as it's unrecorded delivery they can't be certain, and I understand TNT are searching for it. A spokesman for HMRC recently said "All the evidence points to the fact that these discs are still on our premises." Well, if you keep searching and searching (I'm sure no stone is being left unturned) and they don't turn up, I think there is only one likely conclusion to be reached.

2 comments:

While the Civil Service still insists on sending so much personal information on families/couples/singles through the post, it has to be said this is handled by a significant number of non-British people. Example: London Royal Mail closes down on Friday afternoon for prayer. Point is this info is in high demand. Fact: check out the nationalities by % of cases so far detected. One corrupt postal worker can obtain complete family statements down to the last detail, not just bank accounts/DOBs/tel/mob/ex-partners/child details/work history and much more. The people in charge never lose their jobs. APPALLING SITUATION

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2016. You may not use any original content with.